Get Started...

Run Using Java Web Start

The console waiting to sniff live traffic or replay packet capture.

We recommend running Deep Node with Java Web Start each time you launch the console so you always get the latest version automatically. Simply double-click the JNLP file (Windows) or the Launch script (Linux and Mac). See the Download page for more.

Learn the Concept

Our visualization allows you look from past to present across hundreds of endpoint data flows. Using a common time-axis, aggregated into a tree structure, we let you see the totality of network activity across any time period. Learn everything you need to know on The Concept page.

The TCP communication between 192.168.1.154 (all ports >1024) and 192.168.1.181 (port 22) across the last 30 minutes.

Start Navigating

Below are tutorial videos on basic navigation, control, and search inside the console.

Like a video game keyboard, the w/s keys move you forward and backward, and a/d move you left and right. Use the arrow keys to look around. Also, h toggles the Help menu. There's a lot more...

(Click picture to enlarge)

BASIC NAVIGATION (2:39)

USING THE MOUSE AND MENUS (2:05)

INSTANTANEOUS SEARCHING (2:07)

Setting "Baseline"

Sometimes the hardest part of network security and analysis is just getting to what's normal. We've created a lot of capabilities to get you there faster. You can filter and consolidate activity that is "known" or "safe" so you can focus on what is potentially "not". But you can always bring filtered activity back into view if your hypothesis changes...

FILTER AND PRUNE (2:19)

CONSOLIDATION AND SEPARATION (2:41)

Investigation and Analysis

Load a PCAP into the console and focus on what happened. If you flag something suspicious, save out to PCAP for deeper analysis or audit (Pro version). Command "bots" to mark and monitor specific traffic patterns. Turn on the AI to find prevalent patterns, so you can continuously improve baseline and pick out anomalies (Pro version).